r2: Changed Environment object to be BugTrack ($env --> $bugsys).. hopefully this...

[bugdar.git] / login.php

<?php
/*=====================================================================*\
|| ################################################################### ||
|| # [#]app[#] [#]version[#]
|| # --------------------------------------------------------------- # ||
|| # All parts of this file are ©2003-[#]year[#] Iris Studios, Inc. No     # || 
|| # part of this file may be reproduced in any way: part or whole.  # ||
|| # --------------------------------------------------------------- # ||
|| # ©2003 - [#]year[#] Iris Studios, Inc. | http://www.iris-studios.com   # ||
|| ################################################################### ||
\*=====================================================================*/

require_once('./global.php');

// ###################################################################

if ($bugsys->userinfo['userid'] AND $_REQUEST['do'] != 'logout' AND $_POST['do'] != 'cplogin')
{
        echo 'You are already logged in.';
        exit;
}

// ###################################################################

if (empty($_REQUEST['do']))
{
        echo <<<EOF
<form action="login.php" name="register" method="post">
<input type="hidden" name="do" value="login" />
<input type="hidden" name="goindex" value="1" />
Email: <input type="text" name="email" size="30" /><br />
Password: <input type="password" name="password" size="30" /><br />
Remember Me: <input type="checkbox" name="rememberme" value="1" checked="checked" /> Yes<br />
<input type="submit" name="submit" value="Login" accesskey="s" /> <input type="reset" name="reset" value="Reset" accesskey="r" />
</form>
EOF;
}

// ###################################################################

if ($_POST['do'] == 'login' OR $_POST['do'] == 'cplogin')
{
        sanitize(array('email' => STR_NOHTML, 'password' => STR, 'rememberme' => INT));
        
        if ($_POST['cplogin'])
        {
                $vars['rememberme'] = 1;
        }
        
        if ($_POST['goindex'])
        {
                $_SERVER['HTTP_REFERER'] = '';
        }
        
        if ($_SERVER['HTTP_REFERER'])
        {
                $url = $_SERVER['HTTP_REFERER'];
        }
        else
        {
                $url = 'index.php';
        }
        
        $userinfo = $DB_sql->query_first("SELECT * FROM user WHERE email = '" . addslasheslike($vars['email']) . "'");
        if (md5(md5($vars['password']) . md5($userinfo['salt'])) == $userinfo['password'])
        {
                mysetcookie(COOKIE_PREFIX . 'userid', $userinfo['userid'], $vars['rememberme']);
                mysetcookie(COOKIE_PREFIX . 'authkey', $userinfo['authkey'], $vars['rememberme']);
        }
        else
        {
                mysetcookie(COOKIE_PREFIX . 'userid');
                mysetcookie(COOKIE_PREFIX . 'authkey');
                echo 'Invalid email or password.';
                exit;
        }
        
        if ($_POST['do'] == 'cplogin')
        {
                mysetcookie(COOKIE_PREFIX . 'adminsession', md5(md5($userinfo['authkey']) . md5($userinfo['email']) . md5($userinfo['userid'])));
        }
        
        echo 'You are now logged in :-)';
        
        header("Location: $url");
}

// ###################################################################

if ($_REQUEST['do'] == 'logout')
{
        if ($bugsys->userinfo['userid'])
        {
                mysetcookie(COOKIE_PREFIX . 'userid');
                mysetcookie(COOKIE_PREFIX . 'authkey');
        }
        else
        {
                echo 'You need to be logged in!';
        }
}

/*=====================================================================*\
|| ###################################################################
|| # $HeadURL$
|| # $Id$
|| ###################################################################
\*=====================================================================*/
?>